A draft cybersecurity executive order, first obtained by The Washington Post, would mandate a review of the most critical U.S. cyber vulnerabilities, the principal cyber adversaries of the U.S., ways to incentivize cybersecurity measures in the private sector, and the capabilities of the Department of Defense (DoD), Department of Homeland Security (DHS), and the National Security Agency (NSA).
“It’s a good sign that in its first week, the new administration is immediately focusing on how we can better manage and secure our government’s networks and connected devices,” said David Damato, chief security officer at Tanium. “This type of review has long been needed, as many government agencies do not even know how many endpoints are on their network, making it impossible to manage or secure them.”
So far, President Donald Trump’s administration’s outlines of U.S. cyber capabilities and plans have been characterized as vague. The White House has not responded to requests to verify the authenticity of the draft order leaked to the press.
The secretary of defense, director of national intelligence, and secretary of homeland security would all play prominent roles as co-chairs in many of the reviews, while the secretaries of commerce and treasury would also co-chair the private sector incentives review.
Both the vulnerabilities and adversaries reviews would be required to be completed within 60 days of the date of the order, and the private sector report would have to be completed within 100 days. There is no specific timeline for the capabilities review.
In July 2016, President Barack Obama instituted a Cybersecurity National Action Plan, which codified law enforcement responsibilities during a cyber incident. This order, however, addresses overall U.S preparedness to deal with a cyber incident.